According to an article published today by Security Ledger (link), Malta-based security firm ReVuln has discovered a “hole” in Samsung’s Linux-based Smart TV software that could give a hacker near-complete access to the television. This includes the built-in HD camera, microphones, any file on the television, and any connected USB drive. In effect, this would allow a hacker of Samsung’s 2012 8000 series LED and plasma TVs to hear and/or view the TV’s owners. HD Guru raised this possibility in our article “Is Your New HDTV Watching You” published this past March.
Details after the break.
ReVuln’s researchers discovered the “hole” as part of its security research on IP-enabled Smart TVs like these and other Samsungs and other major brands. According to the Security Link article, ReVuln only reveals the specific details of its research findings to subscribers and does not plan to provide a fix or work with Samsung to develop one. HD Guru contacted ReVuln and Samsung for comment and will add their response if and when provided.
Update 12/14/2012: Samsung statement
“We have discovered that only in extremely unusual circumstances a connectivity issue arises between Samsung Smart TV’s released in 2011 and other connected devices. We assure our customers that our Smart TV’s are safe to use. We will release a previously scheduled software patch in January 2013 to further strengthen Smart TV security. We recommend our customers to use encrypted wireless access points, when using connected devices.”
Samsung’s spokesperson comments “Samsung takes the security of our products very seriously. We are currently investigating the matter and will take appropriate actions, to the extent necessary.”
Security Ledger adds “the Smart TVs offer no security features such as a firewall, user authentication or application whitelisting. More critically: there is not independent software update capability, meaning that barring a firmware update from Samsung, the exploitable hole can’t be patched without ’voiding the device’s warranty and using other exploits‘ ReVuln said.”
Built-in microphones and TV cameras with Internet connectivity are currently limited to eleven Samsung HDTV models (three 8000 series plasmas , three 7500 series, four 8000 series and one 9000 series model) with screen sizes of 46 to 75-Inches. However, industry sources tell us to expect many new model series from other manufacturers that also will include built-in high-definition TV cameras and microphones when 2013 models debut at January’s 2013 International CES. Below is a video from ReVuln that discusses some of its findings.
Is Verizon Getting Into The Act?
Recently published on the United States Patent and Trademark website is Verizon’s patent application for a DVR Cable box with built-in video camera, face recognition and microphones that will permit it to identify viewers of a given TV program and then supply highly targeted advertisements to these subscribers. An example provided: the camera sees and hears a couple arguing, next an ad for a marriage counselor is inserted during the commercial break. The ability of Samsung Smart TVs to also provide highly-targeted ads if Samsung chooses in the future was discussed in our Is Your New HDTV watching you article. Currently, Samsung states it has no plans to use the mics/camera for viewer specific advertising that would be picked by analyzing the facial recognition, video and sound data picked up by the TV.
To see the Verizon patent application go to the USPTO link .
Below is a video supplied by ReVuln of some of its hacks
Have a question for the HD Guru?
Copyright ©2012 HD Guru Inc. All rights reserved. HDGURU is a registered trademark.